CIO Wall

Shyamol B Das

Deputy Managing Director & CIO - Meghna Bank Ltd. - Bangladesh

CIO Perspectives

The Pandemic triggered digital and remote working making Cyber Security one of the top priorities for organizations. In this context, tell us briefly how your organization managed the transition to remote working during the pandemic? How did you manage employees logging into the corporate network or accessing critical resources and remain protected from cyber-attacks? Tell us about some of the unique security best practices that you have implemented to protect your organization against cyber-attacks?

As we have all seen in the pandemic, there has been an over 600 per cent of increase in phishing attacks on organisations. Phishing and BYOD are two key elements that are directly related to active directory penetration. During the pandemic, you will find that most of the attacks have been devised through email carrying the subject line ‘COVID-19’ that immediately draws our attention. Of course, there were other areas as well like brand impersonation and email compromise. We have allowed employees to use their own device and to access through Teams, but we forgot at that time, employees might also access Teams from their mobile phones. That is a very vulnerable area.

However, as I said, the hybrid mode is here to stay, but starting anything new means increasing risks for the organisation. In our organisation, we have beefed up security measures and increased monitoring and set up a SOC (Security Operations Centre) for constant surveillance.

Board Readiness for Cyber Attack this Afternoon

Cyber security is a hot topic in Bangladesh today, but around 2005, when I started working, it was not important. But after the recent Bangladesh Bank hacking incident, on board members have become conscious. In a financial institution, board members usually come from different backgrounds and it becomes difficult to give the ownership of cyber security to non-technical people. It is important of have a board member who will understand the importance of information security. Today the board members in my organisation are more conscious and prepared to take the shock of possible hacking.